machines: add new host
This commit is contained in:
parent
15aab14759
commit
26dd3d4db1
11 changed files with 70 additions and 46 deletions
3
Makefile
3
Makefile
|
@ -23,7 +23,8 @@ MACHINES := \
|
||||||
asus-gl553vd
|
asus-gl553vd
|
||||||
|
|
||||||
VPS := \
|
VPS := \
|
||||||
magenta
|
magenta \
|
||||||
|
canigou
|
||||||
|
|
||||||
help:
|
help:
|
||||||
cat Makefile
|
cat Makefile
|
||||||
|
|
|
@ -114,7 +114,10 @@
|
||||||
RULES = "./.agenix_config.nix";
|
RULES = "./.agenix_config.nix";
|
||||||
};
|
};
|
||||||
tools = pkgs.mkShell {
|
tools = pkgs.mkShell {
|
||||||
packages = [ pkgs.gucharmap ];
|
packages = with pkgs; [
|
||||||
|
gucharmap
|
||||||
|
wireguard-tools
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
|
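--- a/machines/canigou/default.nix
+++ b/machines/canigou/default.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+let
+data = import ../../data.nix;
+in
+{
+imports = [
+./hardware-configuration.nix
+./networking.secret.nix # generated at runtime by nixos-infect
+
+../modules/common.nix
+../modules/fail2ban.nix
+];
+
+boot.cleanTmpDir = true;
+zramSwap.enable = true;
+
+networking.hostName = "canigou";
+
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+}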
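Review bot: `services.openssh.enable = true;` together with key-based root access on the line below leaves password and keyboard-interactive authentication at the NixOS defaults unless ../modules/common.nix (not shown on this page) turns them off; for a freshly infected VPS that is reachable from the internet I would pin that in the host file itself: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` (older releases expose the same two switches as top-level services.openssh options). The fail2ban module imported above narrows the brute-force window but is not a substitute for turning password login off. A short header comment naming the provider and the role of this host would also help, since the hardware file hints at a generic cloud image.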
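--- a/machines/canigou/hardware-configuration.nix
+++ b/machines/canigou/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+boot.loader.grub.device = "/dev/sda";
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+boot.initrd.kernelModules = [ "nvme" ];
+fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}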
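Review bot: The root filesystem and the GRUB target are addressed by kernel device name (`/dev/sda1`, `/dev/sda`) rather than by a stable identifier, so a provider-side change in block-device enumeration leaves the host unable to mount its root; the initrd module list mixing xen_blkfront and vmw_pvscsi suggests the image is generic and the device naming is not guaranteed. nixos-generate-config normally emits a by-uuid path, so if this file is nixos-infect output consider `fileSystems."/".device = "/dev/disk/by-uuid/<ROOT-FS-UUID>";` with the UUID taken from the running host (placeholder, not on the page). A one-line comment recording where the file came from would tell the next maintainer whether it is safe to regenerate.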
BIN
machines/canigou/networking.secret.nix
Normal file
BIN
machines/canigou/networking.secret.nix
Normal file
Binary file not shown.
|
@ -2,6 +2,15 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
hardware = inputs.hardware.nixosModules;
|
hardware = inputs.hardware.nixosModules;
|
||||||
|
|
||||||
|
inherit (inputs.nixpkgs) lib;
|
||||||
|
inherit (builtins) head;
|
||||||
|
getTargetHost = file:
|
||||||
|
let
|
||||||
|
net = import file { inherit lib; };
|
||||||
|
ipv4addrs = net.networking.interfaces.eth0.ipv4.addresses;
|
||||||
|
in
|
||||||
|
(head ipv4addrs).address;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
home = {
|
home = {
|
||||||
|
@ -37,10 +46,18 @@ in
|
||||||
magenta = {
|
magenta = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
||||||
targetHost = "45.131.41.215";
|
targetHost =
|
||||||
|
getTargetHost ./magenta/networking.secret.nix;
|
||||||
|
|
||||||
extraModules = [
|
extraModules = [
|
||||||
inputs.mailserver.nixosModule
|
inputs.mailserver.nixosModule
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
canigou = {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
targetHost =
|
||||||
|
getTargetHost ./canigou/networking.secret.nix;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
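Review bot: `getTargetHost` evaluates `import file` on a file this commit stores as a binary blob (`networking.secret.nix`), so every evaluation of the flake — including a check or deploy from a checkout that lacks the decryption key — needs the plaintext present in the working tree; whether that holds depends on how the `.secret.nix` files are encrypted, which is not visible here and deserves a comment next to the function. The helper also hard-codes `eth0` and uses `builtins.head`, so a networking file with an empty IPv4 list fails with head's generic error instead of naming the host. A comment such as `# Deploy target = first IPv4 address of eth0 from the host's decrypted networking file; evaluation requires the plaintext in the worktree` would capture both assumptions. The file header for this section is missing from the page and the enclosing function signature starts before the first hunk.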
@ -6,11 +6,12 @@ in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix # generated at runtime by nixos-infect
|
./networking.secret.nix # generated at runtime by nixos-infect
|
||||||
|
|
||||||
../modules/common.nix
|
../modules/common.nix
|
||||||
../modules/nix.nix
|
../modules/nix.nix
|
||||||
../modules/nginx.nix
|
../modules/nginx.nix
|
||||||
|
../modules/fail2ban.nix
|
||||||
|
|
||||||
./services/mailserver.nix
|
./services/mailserver.nix
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
||||||
|
@ -18,6 +19,7 @@ in
|
||||||
|
|
||||||
boot.cleanTmpDir = true;
|
boot.cleanTmpDir = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
networking.hostName = "magenta";
|
networking.hostName = "magenta";
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
@ -27,13 +29,4 @@ in
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = "dmitriy@pleshevski.ru";
|
defaults.email = "dmitriy@pleshevski.ru";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban = {
|
|
||||||
enable = true;
|
|
||||||
bantime-increment = {
|
|
||||||
enable = true;
|
|
||||||
factor = "4";
|
|
||||||
maxtime = "48h";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
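Review bot: The inline comment on the renamed import, `./networking.secret.nix # generated at runtime by nixos-infect`, is now misleading, because nixos-infect writes `networking.nix`; the secret file is a renamed copy (stored as a binary blob in this commit, so presumably encrypted) that someone must produce by hand after infection. Suggest `./networking.secret.nix # networking.nix from nixos-infect, renamed and kept out of plaintext history` here and on the same line in machines/canigou/default.nix. Note also that the address, gateway, nameservers and MAC of the deleted machines/magenta/networking.nix remain readable in parent 15aab14759, so the rename only prevents new exposure; if the aim is to keep them out of the repository, the history must be rewritten as well. The `in` and the surrounding function of this file start outside these hunks.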
@ -1,33 +0,0 @@
|
||||||
{ lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
# This file was populated at runtime with the networking
|
|
||||||
# details gathered from the active system.
|
|
||||||
networking = {
|
|
||||||
nameservers = [
|
|
||||||
"188.93.16.19"
|
|
||||||
"188.93.17.19"
|
|
||||||
"8.8.8.8"
|
|
||||||
];
|
|
||||||
defaultGateway = "45.131.41.1";
|
|
||||||
defaultGateway6 = "";
|
|
||||||
dhcpcd.enable = false;
|
|
||||||
usePredictableInterfaceNames = lib.mkForce false;
|
|
||||||
interfaces = {
|
|
||||||
eth0 = {
|
|
||||||
ipv4.addresses = [
|
|
||||||
{ address = "45.131.41.215"; prefixLength = 24; }
|
|
||||||
];
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = "fe80::f816:3eff:fe58:d30a"; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
ipv4.routes = [{ address = "45.131.41.1"; prefixLength = 32; }];
|
|
||||||
# ipv6.routes = [{ address = ""; prefixLength = 128; }];
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
ATTR{address}=="fa:16:3e:58:d3:0a", NAME="eth0"
|
|
||||||
'';
|
|
||||||
}
|
|
BIN
machines/magenta/networking.secret.nix
Normal file
BIN
machines/magenta/networking.secret.nix
Normal file
Binary file not shown.
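--- a/machines/modules/fail2ban.nix
+++ b/machines/modules/fail2ban.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+services.fail2ban = {
+enable = true;
+bantime-increment = {
+enable = true;
+factor = "4";
+maxtime = "48h";
+};
+};
+}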
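Review bot: The module turns on an escalating ban (factor 4, up to 48h) but sets no `ignoreIP`, so an administrator who fumbles a key or a deploy script retrying from a flapping connection can be locked out of every host that imports this module for up to two days. Since the same module now backs both magenta and canigou, one allow-list entry is cheap: `services.fail2ban.ignoreIP = [ "<ADMIN-SOURCE-CIDR>" ];` (placeholder). A header comment stating that the module relies on the NixOS default jail set and that the bantime-increment values are strings by option type would spare the next reader a trip to the option docs.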
Binary file not shown.